ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4762-1 advisory.

    It was discovered that the OpenSSH ssh-agent incorrectly handled memory. A remote attacker able to connect     to the agent could use this issue to cause it to crash, resulting in a denial of service, or possibly     execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - ssh-agent in OpenSSH before 8.5 has a double free that     may be relevant in a few less-common scenarios, such as     unconstrained agent-socket access on a legacy operating     system, or the forwarding of an agent to an     attacker-controlled host.(CVE-2021-28041)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:4153-1 advisory.

  - ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios,     such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to     an attacker-controlled host. (CVE-2021-28041)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the openssh package has been released.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4153-1 advisory.

  - ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios,     such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to     an attacker-controlled host. (CVE-2021-28041)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

OpenBSD Project reports :

ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket.

On modern operating systems where the OS can provide information about the user identity connected to a socket, OpenSSH ssh-agent and sshd limit agent socket access only to the originating user and root.
Additional mitigation may be afforded by the system's malloc(3)/free(3) implementation, if it detects double-free conditions.

The most likely scenario for exploitation is a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access.

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - ssh-agent in OpenSSH before 8.5 has a double free that     may be relevant in a few less-common scenarios, such as     unconstrained agent-socket access on a legacy operating     system, or the forwarding of an agent to an     attacker-controlled host.(CVE-2021-28041)

  - A flaw was found in OpenSSH in versions 5.7 through     8.3, where an Observable Discrepancy occurs and leads     to an information leak in the algorithm negotiation.
    This flaw allows a man-in-the-middle attacker to target     initial connection attempts, where there is no host key     for the server that has been cached by the     client.(CVE-2020-14145)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ssh-agent in OpenSSH 8.2 < 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202105-35 (OpenSSH: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenSSH. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker, able to access the socket of the forwarding agent,       might be able to execute arbitrary code with the privileges of the       process or cause a Denial of Service condition.
      Furthermore, a remote attacker might conduct a man-in-the-middle attack       targeting initial connection attempts where no host key for the server       has been cached by client yet.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Published	Updated	Severity
504269	Siemens SIMATIC S7-1500 Double Free (CVE-2021-28041)	Tenable OT Security	Tenable.ot	11/13/2025	3/5/2026	high
147985	Ubuntu 20.04 LTS : OpenSSH vulnerability (USN-4762-1)	Nessus	Ubuntu Local Security Checks	3/23/2021	8/27/2024	high
150185	EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-1955)	Nessus	Huawei Local Security Checks	6/3/2021	12/27/2023	high
156287	SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2021:4153-1)	Nessus	SuSE Local Security Checks	12/25/2021	7/14/2023	high
150043	Photon OS 4.0: Openssh PHSA-2021-4.0-0033	Nessus	PhotonOS Local Security Checks	5/28/2021	8/22/2025	high
156277	openSUSE 15 Security Update : openssh (openSUSE-SU-2021:4153-1)	Nessus	SuSE Local Security Checks	12/25/2021	12/25/2021	high
147897	FreeBSD : OpenSSH -- Double-free memory corruption in ssh-agent (76b5068c-8436-11eb-9469-080027f515ea)	Nessus	FreeBSD Local Security Checks	3/19/2021	10/18/2021	high
148637	EulerOS Virtualization 2.9.0 : openssh (EulerOS-SA-2021-1746)	Nessus	Huawei Local Security Checks	4/15/2021	10/21/2025	high
150198	EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-1934)	Nessus	Huawei Local Security Checks	6/3/2021	12/27/2023	high
147662	OpenSSH 8.2 < 8.5	Nessus	Misc.	3/11/2021	3/27/2024	high
148631	EulerOS Virtualization 2.9.1 : openssh (EulerOS-SA-2021-1720)	Nessus	Huawei Local Security Checks	4/15/2021	10/21/2025	high
157020	GLSA-202105-35 : OpenSSH: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	1/24/2022	10/21/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

high

high